The Internet firewall controls traffic between the Internet and public IP addresses. After Cloud Firewall is activated, you can enable or disable the Internet firewall for public IP addresses within your Alibaba Cloud account. This topic describes how to enable or disable the Internet firewall.

Prerequisites

The public IP address quota is not exhausted. The public IP address quota refers to the maximum number of public IP addresses that the Internet firewall can protect. For more information about the public IP address quotas in different Cloud Firewall editions, see Functions and features. To increase the quota, you can go to the Upgrade/Downgrade page and set Protected Public IP Addresses to a greater value based on your business requirements. For more information, see Upgrade Cloud Firewall and change configurations.

Background information

All the protection capabilities of Cloud Firewall are provided after firewalls are enabled. After you enable the Internet firewall, Cloud Firewall detects and analyzes traffic of public IP addresses.

Note We recommend that you enable the Internet firewall for all assets within your Alibaba Cloud account.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Firewall Settings > Firewall Settings.
  3. On the Internet Firewall tab, enable or disable the Internet firewall for public IP addresses.

    You can enable or disable the Internet firewall for all public IP addresses within the current Alibaba Cloud account with a few clicks. You can also enable or disable the Internet firewall for one or more public IP addresses.

    You can perform the following operations on the Internet Firewall tab:
    • Enable or disable the Internet firewall for all public IP addresses
      1. In the upper-left corner of the IP address list, click Enable or Disable.
      2. In the Confirm message, click OK to enable or disable the Internet firewall for all public IP addresses.

        You can also turn on Automatically Enable Firewalls for New Assets. After the switch is turned on, the Internet firewall is automatically enabled for newly added public IP addresses within the current Alibaba Cloud account.

    • Enable or disable the Internet firewall for one or more public IP addresses
      1. In the IP address list, find the public IP addresses for which you want to enable or disable the Internet firewall.

        You can search for the IP addresses based on specific conditions, such as Asset Type, Region, and Firewall Status. Alternatively, you can enter an instance ID or UID to search for IP addresses.

      2. Select the required IP addresses and click Enable Firewall or Disable Firewall in the lower-left corner of the list. You can also click Enable Firewall or Disable Firewall in the Actions column of an IP address.

Result

After you enable the Internet firewall, wait until the firewall status changes to Enabled in the Firewall Status column. The value Enabled indicates that the Internet firewall takes effect. After you disable the Internet firewall, wait until the firewall status changes to Disabled in the Firewall Status column. The value Disabled indicates that the Internet firewall no longer provides protection. It requires several seconds for the firewall status to be updated.

What to do next